Oracle patches 7 Apache Struts 2 vulnerabilities

Oracle reported in a security bulletin that these fixes were being issued to its customers in response to the Equifax breach, but that none is related to the issue that allowed the credit monitoring firm to be breached earlier this month, putting 143 million consumers at risk. Oracle said a patch for CVE-2017-5638, which was the offending vulnerability with Equifax, was made available in April.

The vulnerabilities included in this update are CVE-2017-9805, CVE-2017-7672, CVE-2017-9787, CVE-2017-9791, CVE-2017-9793, CVE-2017-9804, and CVE-2017-12611.

Oracle issued details on CVE-2017-9805, which could allow a targeted system to be remotely exploited without user authentication, if left unpatched.

“Oracle strongly recommends that the fixes contained in this Security Alert be applied without delay,” the company said.